Stuck Threads On WCC/UCM Managed Servers At GET /adfAuthentication request on SAML2/Okta Integration (Doc ID 2847293.1)

Last updated on MARCH 05, 2024

Applies to:

Symptoms

ISSUE
-----------------------
WebCenter Content (WCC) managed server(s) show stuck threads on a fairly regular basis.

Sometimes a "Service Unavailable" page is displayed, but other times do get to the login page. All the while, in the HTTP browser trace that it’s getting stuck on /adfAuthentication request.

The environment consists of SAML 2.0 with an Okta integration configured on a non-cloud based server which in turn fetches user information from the Microsoft Active Directory (AD).


ERROR
-----------------------
From UCM_server1.out:
================

<Jan 4, 2022 7:58:26,983 AM PST> <Emergency> <oracle.dfw.incident> <BEA-000000> <incident 69 created with problem key "BEA-000337 [/adfAuthentication]">
<Jan 4, 2022 7:59:26,394 AM PST> <Error> <WebLogicServer> <BEA-000337> <[STUCK] ExecuteThread: '28' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "690" seconds working on the request "Http Request Information: weblogic.servlet.internal.ServletRequestImpl@28c38be4[GET /adfAuthentication]
", which is more than the configured time (StuckThreadMaxTime) of "600" seconds in "server-failure-trigger". Stack trace:
    java.lang.Object.wait(Native Method)
    java.lang.Object.wait(Object.java:502)
    netscape.ldap.LDAPMessageQueue.waitForMessage(Unknown Source)
    netscape.ldap.LDAPMessageQueue.waitFirstMessage(Unknown Source)
    netscape.ldap.LDAPConnection.sendRequest(Unknown Source)
    netscape.ldap.LDAPConnection.add(Unknown Source)
    netscape.ldap.LDAPConnection.add(Unknown Source)
    netscape.ldap.LDAPConnection.add(Unknown Source)
    weblogic.ldap.EmbeddedLDAPConnection.add(EmbeddedLDAPConnection.java:1125)
    com.bea.common.ldap.LDAPStoreManager.flush(LDAPStoreManager.java:325)
    org.apache.openjpa.abstractstore.AbstractStoreManager.flush(AbstractStoreManager.java:277)
    org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)
    org.apache.openjpa.datacache.DataCacheStoreManager.flush(DataCacheStoreManager.java:571)
    org.apache.openjpa.kernel.DelegatingStoreManager.flush(DelegatingStoreManager.java:130)
    org.apache.openjpa.kernel.BrokerImpl.flush(BrokerImpl.java:2017)
    org.apache.openjpa.kernel.BrokerImpl.flushSafe(BrokerImpl.java:1915)
    org.apache.openjpa.kernel.BrokerImpl.beforeCompletion(BrokerImpl.java:1833)
    org.apache.openjpa.kernel.LocalManagedRuntime.commit(LocalManagedRuntime.java:81)
    org.apache.openjpa.kernel.BrokerImpl.commit(BrokerImpl.java:1357)
    kodo.kernel.KodoBroker.commit(KodoBroker.java:103)
    org.apache.openjpa.kernel.DelegatingBroker.commit(DelegatingBroker.java:877)
    kodo.jdo.PersistenceManagerImpl.commit(PersistenceManagerImpl.java:410)
    com.bea.security.saml2.util.cache.SAML2StoreServiceBasedCacheImpl.put(SAML2StoreServiceBasedCacheImpl.java:292)
    com.bea.security.saml2.util.cache.SAML2StoreServiceBasedCacheImpl.put(SAML2StoreServiceBasedCacheImpl.java:251)
    com.bea.security.saml2.util.cache.SAML2StoreServiceBasedCacheImpl.put(SAML2StoreServiceBasedCacheImpl.java:35)
    com.bea.security.saml2.service.spinitiator.SPInitiatorImpl.process(SPInitiatorImpl.java:178)
    com.bea.security.saml2.cssservice.SAML2ServiceImpl.process(SAML2ServiceImpl.java:144)
    sun.reflect.GeneratedMethodAccessor522.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    java.lang.reflect.Method.invoke(Method.java:498)
    com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler.invoke(ThreadClassLoaderContextInvocationHandler.java:33)
    com.sun.proxy.$Proxy89.process(Unknown Source)
    com.bea.security.saml2.servlet.SAML2Filter.doFilter(SAML2Filter.java:49)
    weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:34)
    weblogic.servlet.security.internal.WebAppSecurity$ServletAuthenticationFilterAction.run(WebAppSecurity.java:1106)
    weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:344)
    weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197)
    weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203)
    weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71)
    weblogic.servlet.security.internal.WebAppSecurity.invokeAuthFilterChain(WebAppSecurity.java:963)
    weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:209)
    weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
    weblogic.servlet.security.internal.ChainedSecurityModule.checkAccess(ChainedSecurityModule.java:69)
    weblogic.servlet.security.internal.SecurityModule.isAuthorized(SecurityModule.java:731)
    weblogic.servlet.security.internal.WebAppSecurity.checkAccess(WebAppSecurity.java:585)
    weblogic.servlet.security.internal.WebAppSecurity.checkAccess(WebAppSecurity.java:545)
    weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2397)
    weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2299)
    weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2277)
    weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1710)
    weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1670)
    weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272)
    weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352)
    weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337)
    weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57)
    weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41)
    weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:655)
    weblogic.work.ExecuteThread.execute(ExecuteThread.java:420)
    weblogic.work.ExecuteThread.run(ExecuteThread.java:360)
>


STEPS TO REPLICATE
-----------------------
1. Open the We Content page ina browser.
2. This forwards the login request via WebLogic (WLS) to initiating a successful SAML login.
3. Log-in and close without logging off.
4. After an hour or so (especially when the traffic is low), open a new browser to log onto WCC and click on login.
5. It will spin for 3-5 minutes and either "Service Unavailable" error is displayed or sometimes the SAML login page is displayed.


BUSINESS IMPACT
-----------------------
Admin(s) are noticing stuck threads on UCM managed servers on the two-node cluster even when there is low traffic and user(s) either gets the "Service Unavailable" error page or gets to the SAML login page after 3-5 minutes.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.